Security Advisories & Vulnerability Disclosures

Security is not an afterthought at rConfig — it is foundational to how we design, build, test, and ship every release.

No active security advisories for recent rConfig versions (v5, v6, v7 and v8)

Why Security Matters in Network Configuration Management

In modern IT and OT environments, Network Configuration Management platforms sit directly inside the security perimeter. They control device access, store sensitive configuration data, and automate privileged operations across critical infrastructure.

rConfig plays a central role in helping network and security teams enforce policy, maintain compliance, and reduce risk — while protecting against unauthorized access, configuration drift, and compromise.

Security is not treated as a feature. It is embedded across our architecture, development lifecycle, testing processes, and release management.

Proven Beyond Doubt

We are proud to maintain a transparent and verifiable security history.

Zero reported vulnerabilities in rConfig since 2019

One historical advisory affecting v3.x only, responsibly disclosed and patched

All modern versions (V5+) are unaffected

Complete platform re-architecture since V5.x

Security by Design — Platform Safeguards

Role-Based Access Control (RBAC)

Granular permissions per user, role, device, and action. Essential for multi-admin and regulated environments.

Secure API Endpoints

Token-based authentication, HTTPS-only, optional IP allow-listing, and role-scoped API tokens.

Automated Vulnerability Scanning

Dependency scanning (OWASP, GitHub advisories), static code analysis, and continuous CI/CD enforcement.

10,000+ Automated Tests Per Release

Unit tests, feature tests, integration & API tests, and regression coverage.

Published Security Advisories

There are currently no active security advisories affecting supported versions of rConfig.

Date       | Advisory ID     | Affected Version | CVE Reference  | Status
2019-07-10 | rCFG-SA-2019-01 | v3.x             | CVE-2023-39110 | Resolved

* All current versions of rConfig (V5+) are unaffected.

Responsible Disclosure Policy

We actively encourage responsible disclosure from security researchers, customers, and community contributors.

Reporting Instructions

  • Email: security@rconfig.com
  • Please include:
    • Detailed description
    • Steps to reproduce
    • Affected versions
    • Contact details

Our Commitments

  • Acknowledgement within 48 hours
  • Transparent communication
  • Coordinated remediation
  • Public disclosure when appropriate

We may offer Hall of Fame recognition or additional rewards depending on severity and impact.

External Resources & Best Practices

  • No current vulnerabilities in rConfig versions 5, 6, 7 and 8
  • Last advisory resolved in 2019 (v3.x only)
  • Secure Laravel core & hardened API architecture
  • Continuous automated testing & scanning
  • Responsible disclosure guaranteed

Security You Can Trust — Transparency You Can Verify
